GM/T 0046-2016 PDF in English
GM/T 0046-2016 (GM/T0046-2016, GMT 0046-2016, GMT0046-2016)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Name of Chinese Standard | Status |
GM/T 0046-2016 | English | 150 |
Add to Cart
|
0-9 seconds. Auto-delivery.
|
Financial data cipher machine test specification
| Valid |
Standards related to (historical): GM/T 0046-2016
PDF Preview
GM/T 0046-2016: PDF in English (GMT 0046-2016) GM/T 0046-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 58551-2017
Test specification for financial cryptographic server
ISSUED ON. DECEMBER 23, 2016
IMPLEMENTED ON. DECEMBER 23, 2016
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 4
1 Scope .. 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Abbreviation ... 8
5 Requirements for test environment ... 8
6 Test content and test methods .. 9
6.1 Test items .. 9
6.2 Appearance and structure inspection ... 9
6.3 Function test ... 10
6.3.1 Initialization test ... 10
6.3.2 Cryptographic operation test ... 11
6.3.3 Key management test ... 13
6.3.4 Random number test .. 14
6.3.5 Access control test ... 14
6.3.6 Device management test ... 15
6.3.7 Log audit test ... 15
6.3.8 Device self-test ... 16
6.3.9 Data message interface detection ... 16
6.4 Performance test ... 17
6.4.1 Calculation method of performance indicator ... 17
6.4.2 PIN encryption performance test ... 18
6.4.3 PIN trans-encryption performance test .. 18
6.4.4 MAC calculation performance test ... 18
6.4.5 ARQC verification performance test ... 18
6.4.6 Encryption and decryption performance test of symmetric cryptographic
algorithm .. 18
6.4.7 Encryption and decryption performance test of asymmetric cryptographic
algorithm .. 19
6.4.8 Data hash algorithm performance test ... 19
6.4.9 Random number generator performance test ... 19
6.4.10 Asymmetric key generation performance test ... 20
6.4.11 Asymmetric algorithm signature, signature verification performance tests . 20
6.5 Other test ... 20
6.5.1 Security test of device .. 20
6.5.2 Environmental suitability test ... 20
6.5.3 Reliability test ... 20
7 Requirements for submitted technical document ... 20
8 Conditions for qualification determination ... 21
Annex A (normative) Test item list ... 22
Bibliography ... 28
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Code
Industry Standardization Technical Committee.
The drafting organizations of this Standard. Wuxi Jiangnan Information Security
Engineering Technology Center, State Cryptography Administration
Commercial Cryptography Detection Center, Westone Information Industry
Company Limited, Xing Tang Communication Technology Co., Ltd., Shandong
De'an Information Technology Co., Ltd.
Main drafters of this Standard. Zhang Suocheng, Qi Chuanbing, Li Dawei, Deng
Kaiyong, Luo Peng, Li Guoyou, Liu Chang, Xiao Qiulin, Ding Yuquan, Liu
Xianxaing, Li Yuanzheng, Wang Nina, Kong Fanyu.
Test specification for financial cryptographic server
1 Scope
This Standard specifies the test requirements and test methods for financial
cryptographic server.
This Standard is applicable to the detection of financial cryptographic server as
well as the development of this type of cryptographic device.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 32915, Information security technology - Binary sequence randomness
detection method
GM/T 0028, Security Requirements for Cryptographic Modules
GM/T 0039, Security Test Requirements for Cryptographic Modules
GM/T 0045-2016, Specifications of financial cryptographic server
GM/T 0050, Code device management - Device management technical
specification
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 financial cryptographic server
a cryptographic device that is used in finance field to protect financial data
security, mainly for PIN encryption, PIN trans-encryption, MAC generation and
check, data encryption and decryption, signature verification as well as key
management and other cryptographic services
3.2 symmetric cryptographic algorithm
a cryptographic algorithm that encryption and decryption use same key
a hash algorithm with its output of 256 bits
3.11 SM4 algorithm
a block cryptographic algorithm with group length of 128 bits, key length of 128
bits
3.12 physical secure environment; PSE
an environment with access control mechanisms or other security mechanisms;
it is designed to prevent partial or total leakage of key, or leakage of other
private data stored in the environment, such as any unauthorized access, for
example, room or security entity with uninterrupted access control, physical
security protection and monitoring
3.13 physical protection; PP
physically secure the hardware cryptographic device and its keys or sensitive
information, for example, using prying resistance means to prevent the
cryptographic server being unauthorized opened
3.14 master key; MK
in the hierarchy of the key encryption key and the transmission key, the highest-
level key encryption key is called a master key, also known as master file key
or local master key
3.15 key separation; KS
ensure that each cryptographic operation uses only the specified key type, for
example, the MAC key can only be used to generate a message authentication
code
3.16 data key; DK
a key that is to protect PIN and calculate MAC, including MAC key (MAK) and
PIN key (PINK), also known as working key
3.17 check value; CV
through the result value calculated by irreversible algorithm, the check value
usually transforms a random string of results under a key; in the case of an
unknown key, it is not feasible to calculate the correct check value, and a key
cannot be determined by the check value
3.18 personal identification number; PIN
in financial business, a digital ID that authorizes a cardholder in a request for
authorization message; PIN only contains decimal number
b) with power indicator light;
c) with state indicator light;
d) with failure indicator light;
e) with at least one service port;
f) with at least one management port;
g) if the key storage uses micro-protection memory, it shall have a key self-
destruction mechanism.
The financial cryptographic server shall have the following components or ports.
a) one printing port is preferred;
b) if the key is used in plaintext in the financial cryptographic server memory,
it shall have a memory cleaning mechanism;
c) a chassis shell grounding device is preferred;
d) redundant power supply is preferred;
e) IC card socket is preferred;
f) USB port is preferred;
g) human-computer interaction component is preferred.
6.3 Function test
6.3.1 Initialization test
The financial cryptographic server shall have initialization function to realize the
switching between initial state to working state of the device.
The initial operation of the financial cryptographic server mainly includes initial
system configuration, initializing the administrator or operator, initial key
generation (or recovery) and installation. The financial cryptographic server
provides cryptographic services only after the initialization operation is
completed. After initial configuration of the financial cryptographic server, it can
automatically enter the working state to provide cryptography service.
If the initial configuration is not performed, when the financial cryptographic
server starts up, it shall alarm via indicator light and sound to prompt user to
initialize. At this moment, the financial cryptographic server cannot provide
cryptography service.
k) SM2 key agreement.
The test methods for cryptographic operation of financial cryptographic server.
a) SM4 ECB encryption. encrypt the given key and plaintext through ECB
mode, the result shall be exactly same with the given ciphertext;
b) SM4 ECB decryption. decrypt the given key and ciphertext through ECB
mode, the result shall be exactly same with the given plaintext;
c) SM4 CBC encryption. encrypt the given IV, key and plaintext through CBC
mode, the result shall be exactly same with the given ciphertext;
d) SM4 CBC decryption. decrypt the given IV, key and plaintext through CBC
mode, the result shall be exactly same with the given plaintext;
e) SM3 hash. call SM3 algorithm for given information to calculate the hash
value, the result shall be exactly same with the given hash value;
f) SM2 key generation. call financial cryptographic server to generate a SM1
key pair, then use its private key pair to sign the designa...
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
|